On 2023-10-04, Mario Emmenlauer via Exim-users <exim-users@lists.exim.org> wrote:
> On 04.10.23 16:34, Chris Siebenmann wrote:
>>> Now I would like to configure this server as a smarthost, so it will
>>> forward emails from my desktop computers (without static IP or DNS).
>>> Also, I'd like to have unique mailnames for each desktop, like
>>> <hostname>.mydomain.org, to better identify where the mail originated
>>> from. But these domains do not really exist, they would be "fake"
>>> mailnames to identify the various desktop computers.
>> [...]
>>> I'm not sure if what I'm trying is possible and sensible. Am I
>>> completely on the wrong track here? Is there a better way to
>>> achieve something similar?
>>
>> I think there's a problem with your plan, unless I'm missing something.
>>
>> If these non-existent unique mail names for your desktop computers
>> appear in either the envelope sender address (the SMTP MAIL FROM) or
>> the From: header, this is not a good idea by itself because if you
>> leak these email addresses out into the outside world, the email will
>> either be rejected (for an envelope sender) or unreplyable (for a From:
>> header). Here, your existing sender verification is telling you that
>> you're trying to send email with addresses that don't work.
>>
>> To fix this, you'd need to either make the names exist in DNS (even if
>> only as MX entries that direct email to mydomain.org's regular mail
>> server) or to change your server's Exim configuration so that it
>> rewrites all of these email addresses in the envelope sender and the
>> address headers. At that point, the only place they'd appear is in the
>> Received: header, and if they're only going to appear in the Received:
>> header my view is that you might as well not bother.
>
> This is a very interesting and valid point! I could actually quite
> easily create MX entries for the host's subdomains on mydomain.org,
> so that MX <hostname>.mydomain.org points to mydomain.org.
>
> But does that mean that in turn, each of these subdomains would need
> to be added as a local domain in exim on mydomain.org?

That would be one solution, but local domains do not need to be a static
list: you could do a dnsdb lookup, for instance.

Assuming you are example.com, something like this perhaps:

    domainlist local_domains = example.com : ${lookup dnsdb{MX=$domain}{${if eq{$value}{42 example.com}{$domain}}}}

which would require their host's domain name to have a single
"42 example.com" MX record and would use the DNS to confirm their
existence. You may wish to add further checks (e.g. check that they are
a subdomain of yours).

> Are there any downsides with that? It seems a bit wrong that mydomain.org
> has local domains <hostname>.mydomain.org, but that is just my gut feeling,
> and I may be wrong here?

Some people like to keep their hostnames secret as part of defense in depth.

Domainlist local_domains is part of the default exim configuration. It
doesn't actually do anything to exim's behaviour by itself; it only has
effect where local_domains is used in other parts of the configuration.

-- 
Jasen.
🇺🇦 Glory to Ukraine
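
The MX test from the reply above and the further subdomain check it suggests, modelled in Python as an added example (not code from the thread or from Exim). The lookup results are constructed sample data and the function names are hypothetical; the comparison mirrors the reply's exact-match test against "42 example.com".

```python
# Added example: models the dnsdb-based local_domains test from the reply.
# OUR_DOMAIN and REQUIRED_MX mirror the reply's example.com / "42 example.com".
OUR_DOMAIN = "example.com"
REQUIRED_MX = "42 example.com"

# Constructed sample data: domain -> text an MX lookup would hand back
# (one "preference host" entry per record, records separated by newlines).
SAMPLE_MX = {
    "desk1.example.com": "42 example.com",
    "desk2.example.com": "10 mail.example.com\n42 example.com",  # two MX records
    "desk3.example.com": "",                                     # no MX record
    "notexample.com": "42 example.com",                # foreign zone, same MX
    "desk1.example.com.other.test": "42 example.com",  # foreign zone, same MX
}


def mx_only_check(domain, mx_text):
    """The test as posted: the whole lookup result must equal REQUIRED_MX."""
    return mx_text == REQUIRED_MX


def is_subdomain(domain, parent):
    """True only for names strictly below parent, compared label by label."""
    d = domain.lower().rstrip(".").split(".")
    p = parent.lower().rstrip(".").split(".")
    return len(d) > len(p) and d[-len(p):] == p


def hardened_check(domain, mx_text):
    """The MX test plus the further subdomain check the reply suggests."""
    return is_subdomain(domain, OUR_DOMAIN) and mx_only_check(domain, mx_text)


def accepted(check, records=SAMPLE_MX):
    """Return the sorted domains that `check` would treat as local."""
    return sorted(d for d, mx in records.items() if check(d, mx))


if __name__ == "__main__":
    print("MX only :", accepted(mx_only_check))
    print("hardened:", accepted(hardened_check))
```

With the MX test alone, any zone that publishes the same single MX record is treated as local; comparing whole labels also keeps a name such as notexample.com from passing as a subdomain of example.com.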